Journal of Management Information Systems

Volume 41 Number 1 2024 pp. 236-265

Improving Threat Mitigation Through a Cybersecurity Risk Management Framework: A Computational Design Science Approach

Ampel, Benjamin M, Samtani, Sagar, Zhu, Hongyi, Chen, Hsinchun, and Nunamaker, Jay F

ABSTRACT:

Cyberattacks have been increasing in volume and intensity, necessitating proactive measures. Cybersecurity risk management frameworks are deployed to provide actionable intelligence to mitigate potential threats by analyzing the available cybersecurity data. Existing frameworks, such as MITRE ATT&CK, provide timely mitigation strategies against attacker capabilities yet do not account for hacker data when developing cyber threat intelligence. Therefore, we developed a novel information technology artifact, ATT&CK-Link, which incorporates a novel transformer and multi-teacher knowledge distillation design, to link hacker threats to this broadly used framework. Here, we illustrated how hospital systems can use this framework to proactively protect their cyberinfrastructure against hacker threats. Our ATT&CK-Link framework has practical implications for cybersecurity professionals, who can implement our framework to generate strategic, operational, and tactical cyber threat intelligence. ATT&CK-Link also contributes to the information systems knowledge base by providing design principles to pursue targeted cybersecurity analytics, risk management, and broader text analytics research through simultaneous multi-modal (e.g., text and code) distillation and classification.

Key words and phrases: Hacker forums, cyber threat intelligence, cybersecurity analytics, knowledge distillation, ATT&CK, cybersecurity risk management, deep learning, transformers, computational design science, risk management frameworks